Google Cloud Professional Cloud Security Engineer — Question 206
A vendor needs access to your company's Google Cloud environment. The vendor uses a third-party identity provider (IdP). You need to integrate this IdP with your company's Google Cloud environment to enable single sign-on (SSO) for the vendor's users in the most secure way. You don't want to handle any lifecycle management for the vendor's users. What should you do?
Answer options
- A. Use Google Cloud Directory Sync to synchronize user accounts from the IdP to Google Workspace, and then configure SSO between Google Workspace and Google Cloud.
- B. Develop a custom application that queries the IdP for user authentication and then programmatically creates Google Cloud user accounts.
- C. Connect the vendor's IdP with Google Cloud using Workforce Identity Federation.
- D. Create Google Cloud accounts for each user and synchronize their passwords with the third-party IdP.
Correct answer: C
Explanation
The correct answer is C because Workforce Identity Federation allows seamless integration of third-party IdPs with Google Cloud without needing to manage user accounts directly. Options A and B require user lifecycle management, which the question specifies should be avoided. Option D also involves creating and managing Google Cloud accounts, which conflicts with the requirement not to handle user accounts directly.